package com.aaa.sso.config;

import com.aaa.common.bo.User;
import com.aaa.common.constants.BusinessConstant;
import com.aaa.sso.util.CustomModularRealmAuthenticator;
import com.aaa.sso.util.MemberRealm;
import com.aaa.sso.util.UserRealm;
import org.apache.shiro.authc.credential.CredentialsMatcher;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.authc.pam.AtLeastOneSuccessfulStrategy;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import javax.swing.*;
import java.util.*;

@Configuration
public class ShiroConfig {

    /**
     * 实例化ShiroFilterFactoryBean
     * @return
     */
    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(){
        ShiroFilterFactoryBean shiroFilterFactoryBean=new ShiroFilterFactoryBean();
        //可以按照put的先后循序存放值
        Map chainDefinitionMap=new LinkedHashMap();
        //chainDefinitionMap.put("/js/**","anon");
        //所有请求直接放行
        chainDefinitionMap.put("/**","anon");
        //确定拦截或者放行
        shiroFilterFactoryBean.setFilterChainDefinitionMap(chainDefinitionMap);
       //配置SecurityManager
        shiroFilterFactoryBean.setSecurityManager(securityManager());

        return shiroFilterFactoryBean;
    }

    /**
     * 安全管理器 是shiro的核心组件 所有的认证和授权都是他来执行的
     * @return
     */
    @Bean
    public DefaultWebSecurityManager securityManager(){

        DefaultWebSecurityManager defaultWebSecurityManager=
                new DefaultWebSecurityManager();
        //设置认证器
        defaultWebSecurityManager.setAuthenticator(customModularRealmAuthenticator());
        //定义一个Realms列表
        List<Realm> realmList=new ArrayList<>();
        //添加用户
        realmList.add(memberRealm());
        //添加会员
        realmList.add(userRealm());

        defaultWebSecurityManager.setRealms(realmList);
        return defaultWebSecurityManager;

    }

    /**
     *设置认证策略
     * @return
     */
    @Bean
    public CustomModularRealmAuthenticator customModularRealmAuthenticator(){
        CustomModularRealmAuthenticator customModularRealmAuthenticator=
                new CustomModularRealmAuthenticator();
        //双realm 只要有一个realm认证成功，就成功
        customModularRealmAuthenticator.setAuthenticationStrategy(new AtLeastOneSuccessfulStrategy());
        return customModularRealmAuthenticator;
    }

    @Bean
    public MemberRealm memberRealm(){
        MemberRealm memberRealm=new MemberRealm();
        //验证匹配器，设置加密算法及加盐
        memberRealm.setCredentialsMatcher(credentialsMatcher());
        return memberRealm;
    }
    @Bean
    public UserRealm userRealm(){
        UserRealm userRealm=new UserRealm();
        //验证匹配器，设置加密算法及加盐
        userRealm.setCredentialsMatcher(credentialsMatcher());
        return userRealm;
    }

    /**
     * 实例化验证匹配器，设置加密算法名称及hash次数
     * @return
     */
    @Bean
    public CredentialsMatcher credentialsMatcher(){
        HashedCredentialsMatcher credentialsMatcher=
                new HashedCredentialsMatcher();
        //设置加密算法名称
        credentialsMatcher.setHashAlgorithmName(BusinessConstant.CredentialsPassword.ALGORITHM_NAME);
        //设置hash次数
        credentialsMatcher.setHashIterations(BusinessConstant.CredentialsPassword.HASH_ITERATIONS);
        return credentialsMatcher;
    }
}
